Simply Search Privacy Policy

Effective Date: February 12, 2026
Last Updated: February 12, 2026

This Privacy Policy describes how ("Simply Search," "we," "us," or "our") collects, uses, discloses, and protects personal data when you access or use:

  • https://simplysearch.app
  • all subdomains of simplysearch.app (including, without limitation, buy.simplysearch.app, license.simplysearch.app, and updates.simplysearch.app)
  • related websites, checkout entry points, update feeds, licensing endpoints, support channels, and associated online services (collectively, the "Services")

If you do not agree with this Privacy Policy, please do not use the Services.

1. Scope and Relationship to Other Terms

This Privacy Policy applies to personal data processed through the Services listed above.

It does not directly govern:

  1. third-party websites or products that are not controlled by us;
  2. payment processing handled directly by third-party merchants of record or processors;
  3. personal data collected by your operating system, device manufacturer, browser provider, app store, or network provider outside our control.

Your use of the Services is also governed by:

2. Categories of Data We Collect

Depending on your use of simplysearch.app and subdomains, we may collect:

2.1 Contact and identity data

  1. Email address (for trial, licensing, checkout support, or communication).
  2. Name or other identifiers you voluntarily provide through forms or support channels.

2.2 Purchase and transaction-related data

  1. Order and subscription metadata provided by merchant systems.
  2. License identifiers and status.
  3. Billing status events (e.g., purchase, renewal, refund, chargeback notifications).

Note: Payment card details are typically processed by third-party merchants/processors, not stored by us directly.

2.3 Licensing and entitlement data

When using licensing endpoints (for example, on license.simplysearch.app), we may process:

  1. License key or masked license key representation.
  2. Email (and/or hashed email).
  3. Device identifier or hashed device identifier.
  4. Device display name.
  5. Activation instance identifiers.
  6. App version/build metadata.
  7. Entitlement/token issuance and refresh metadata.
  8. API request metadata such as IP address, timestamps, and response status.

2.4 Technical and usage data

  1. IP address and approximate geolocation inferred from IP.
  2. Browser/device characteristics, operating system, referral URLs, and timestamps.
  3. Error, diagnostics, and security logs.
  4. Update-check and distribution telemetry (including update channel and version information), where enabled by product settings.

2.5 Cookies and similar technologies

We and/or our service providers may use cookies, local storage, pixels, or similar technologies for:

  1. essential site functionality;
  2. session continuity and security;
  3. analytics and performance measurement;
  4. preference persistence.

3. How We Collect Data

We collect data:

  1. directly from you (forms, support contact, trial/activation input);
  2. automatically when you use the Services (logs, security events, technical metadata);
  3. from third parties (merchant-of-record systems, payment events, anti-fraud providers, hosting and infrastructure providers).

4. Purposes of Processing

We process personal data to:

  1. provide, operate, and maintain the Services across simplysearch.app and subdomains;
  2. process and validate licenses, activations, trials, and entitlement refreshes;
  3. process transactions and reconcile billing/licensing events;
  4. enforce contractual, anti-abuse, and security policies;
  5. detect, prevent, and investigate fraud, abuse, and unauthorized access;
  6. provide customer support and account/order assistance;
  7. improve service reliability, product quality, and user experience;
  8. comply with legal, regulatory, tax, accounting, and enforcement obligations;
  9. communicate with you about product, legal, security, or operational updates.

5. Legal Bases (Where Applicable)

If data protection laws require a legal basis (for example GDPR/UK GDPR), we rely on one or more of:

  1. Contract performance: to provide purchased or requested Services.
  2. Legitimate interests: to secure, operate, improve, and defend the Services.
  3. Legal obligation: to comply with law, regulation, legal process, and records requirements.
  4. Consent: where required by law (for example, certain cookie/marketing contexts), which you may withdraw as permitted by law.

6. How We Share Data

We may disclose personal data to:

  1. Infrastructure providers (hosting, CDN, DNS, storage, logging, security).
  2. Merchant-of-record/payment providers (for order and payment operations).
  3. Analytics and observability providers.
  4. Professional advisors (legal, accounting, audit) under confidentiality obligations.
  5. Law enforcement, regulators, courts, or government authorities where required by law or legal process.
  6. Corporate transaction counterparties in merger, acquisition, financing, restructuring, or asset sale contexts.

We do not sell personal data in the traditional brokered-data sense unless explicitly stated and legally disclosed.

7. Data About Subdomains and Service Roles

Because the Services are distributed across simplysearch.app subdomains, processing may differ by endpoint:

  1. simplysearch.app:
    • marketing, content, and contact-oriented traffic
  2. buy.simplysearch.app:
    • checkout entry and purchase flow routing
  3. license.simplysearch.app:
    • license activation, refresh, status, deactivation, and webhook handling
  4. updates.simplysearch.app:
    • update feed and distribution operations

Data from these subdomains may be correlated as needed for security, licensing, billing consistency, fraud prevention, and support.

8. Data Retention

We retain personal data only as long as reasonably necessary for the purposes described in this policy, including:

  1. active service delivery and support;
  2. security monitoring and abuse prevention;
  3. legal, tax, audit, and accounting obligations;
  4. dispute resolution and contract enforcement.

Retention periods vary by data type and operational requirement. We may de-identify or aggregate data instead of deleting where permitted.

9. Security Measures

We use reasonable technical and organizational safeguards, which may include:

  1. encryption in transit;
  2. access controls and least-privilege practices;
  3. secrets management and key isolation;
  4. endpoint validation and rate limiting;
  5. signed token verification and replay/idempotency controls;
  6. logging, monitoring, and incident-response practices.

No system is perfectly secure, and we cannot guarantee absolute security.

10. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States, where data protection laws may differ.

Where required, we use appropriate safeguards for cross-border transfers.

11. Children's Privacy

The Services are not directed to children under 13 (or higher age threshold where required by local law). We do not knowingly collect personal data from children in violation of applicable law.

If you believe a child has provided personal data improperly, contact us so we can take appropriate action.

12. Your Privacy Rights

Depending on your jurisdiction, you may have rights including:

  1. Access to personal data.
  2. Correction of inaccurate data.
  3. Deletion of personal data.
  4. Restriction or objection to processing.
  5. Data portability.
  6. Withdrawal of consent (where processing is consent-based).
  7. Non-discrimination for exercising privacy rights (where required by law).

To exercise rights, contact us using the details below. We may need to verify your identity and authority before fulfilling requests.

13. California Privacy Notice (CPRA/CCPA)

If you are a California resident, you may have rights to:

  1. know the categories of personal information collected, used, disclosed, and shared;
  2. request deletion or correction;
  3. limit certain uses of sensitive personal information (where applicable);
  4. opt out of "sale" or "sharing" as defined by law, if such activities apply.

We will not unlawfully discriminate against you for exercising California privacy rights.

You may designate an authorized agent, subject to verification requirements.

14. EU/UK/EEA Notice

If you are in the EU/UK/EEA:

  1. you may file a complaint with your local data protection authority;
  2. you may exercise applicable rights under GDPR/UK GDPR;
  3. where required, we rely on lawful transfer mechanisms for international transfers.

15. Cookies and Tracking Choices

Depending on jurisdiction and implementation, you may be able to:

  1. manage cookies via browser settings;
  2. use consent controls/banners where available;
  3. block certain analytics/tracking technologies (which may affect functionality).

Some browser signals (e.g., Do Not Track) may not be universally interpreted due to lack of consistent standards.

16. Data Integrity and Accuracy

You are responsible for providing accurate and up-to-date information where required to use licensing, billing, support, or account-linked features. Inaccurate information may prevent activation, entitlement validation, support response, or billing resolution.

17. Third-Party Services

We may use third-party services for payments, hosting, analytics, communication, and security. These providers may process personal data under their own privacy notices and contractual commitments.

Where a third party acts as an independent controller (for example, merchant of record), that party's privacy policy governs its independent processing.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Updated versions are effective when posted unless a later date is stated.

If changes are material, we may provide additional notice through the Services, release notes, or email where appropriate.

19. Contact Us

For privacy questions, requests, or complaints:

If you contact us regarding a specific transaction or license issue, include enough detail to help us locate relevant records (for example order email, approximate date, and affected subdomain/endpoints).